
Password Best Practices

Length: Longer passwords are better.
Strength: Alphanumeric, upper and lower case, symbols.
Duration: Change passwords often.
Security questions: Make sure that these are filled out with fictitious information.

Don't use dictionary words as your password.
Don't use consecutive characters, numbers or symbols.
Don't use the same password across multiple websites.
Use a password manager to help make and store complex passwords.

Password Manager: Http://
Check password strength: Http://
Password Generator:

2 Factor Authentication

2 factor authentication means that you have two things:
1. A password that you already know.
2. A device that you possess, to which a 2nd code can be sent to verify that you are logging in.

If an attacker were to obtain your passwords, he would still need the additional password to log in. The 2nd password changes every time. The attacker would also have to have the "DEVICE" to obtain the 2nd password. (Mention: Yubico: USB Key)

One-Time Passwords

Passwords that you create one time and that can't be used over and over.

Proxies

Website Proxy: Http://

Use this proxy for open hotspots or internet cafes. This will allow you to browse anonymously. VPNs are preferred over proxies as a method of connecting. Using proxies, you are still vulnerable to “Man-in-the-Middle” attacks.

DNS Protection: Http://

Replace your internet provider's DNS servers with OpenDNS. OpenDNS blocks a large amount of spyware/malware and phishing sites automatically. With OpenDNS, you can configure custom filtering options. (Mention DNS poisoning)

Encryption

If at all possible, make sure you use HTTPS (SSL) websites. Especially when logging into a site, make sure that HTTPS is enabled or present before proceeding. Facebook just made this option available in your account. You'll have to go into your account options and enable (secure login). Also, make sure that you are using a secure login for your email. (Explain packet sniffing and sniffing of the wire)

Windows has an option to encrypt data with BitLocker. You must have Windows Ultimate or Enterprise to use the BitLocker functions. There is an alternative to BitLocker called TrueCrypt. This application is free for personal use: Http:// (Mention: TrueCrypt hidden partition option)

Wireless Security

Enable wireless security in your router. Use WPA 2 PSK-AES 256. Don't use WEP or TKIP to secure your wireless. Use the above password practices. This procedure will keep others from using your wireless for malicious intent. (Mention: Firesheep and what it can do with an open wireless connection)

Make an inventory of all devices on your network by jotting down their MAC addresses. Make sure that you change the router's SSID as well. There are botnets out there that hack routers that use default SSIDs and passwords (e.g. the Chuck Norris BotNet). “Karate Chop Your Router”

Malware / Spyware / Phishing / Botnets

Malware/spyware is an infection that invades your machine without your knowledge or consent. To defend against these infections, make sure that your system has the following:

An antivirus program: Microsoft Security Essentials Http:// (Free) - or - NOD32: Http:// (Paid)

Microsoft Windows Updates: Set up updates for automatic download and installation. Major security patches and updates are released on the 2nd Tuesday of every month. WARNING: Your system will be restarted. If there is a major security incursion, Microsoft will release what is called an "Out of Band patch".

If you are using Adobe Acrobat, please remove it and install Foxit instead. For the past couple of years Adobe Acrobat has been a major target for spreading infections through PDF files.
Foxit Software: Http://

Check for updates on all other applications: Http:// (PSI)

Common applications used for system cleanup:
CCleaner: Http://
Malwarebytes: Http://
Defragger:

Phishing

A phishing attack is when you receive an email that looks legit. For example, your bank sends you an email saying that they need your password or that your password needs changing. If you are not paying attention, you go ahead and reply to the email with the information. Alternatively, the email can contain a link for you to go to and fill out the information. You later realize that the site that you went to isn't your bank. You just gave away your information to a 3rd party. They can later use this information to gather more information on you.

Pay attention to emails and to the links that you click on. Don't click on links in email. Try to open the link in a browser. Again, if you are using the right DNS, the link inside of the email will be blocked.

Botnets

Botnets are infected systems that are used to carry out attacks on websites or to spread spam. (Mention: Conficker & Stuxnet)

Browsers

Browsers are programs that you use to view websites. There are a few common ones: Internet Explorer, Firefox, Safari, Opera and Chrome. Your security is going to vary depending on what browser you use.

Internet Explorer Version 9: More secure than earlier versions. However, it still allows scripting and ActiveX.

Firefox Version 4: Much more secure than IE. However, you need to install plug-ins to provide additional security.

Firefox Addons:
HTTPS Everywhere:
AdBlocker+:
NoScript:

Scripting is a way that a website can run programs or options. In Firefox, the addon NoScript will block these scripts from running automatically. Scripts are also often used for malicious reasons.

Information Leakage is an application weakness where an application reveals sensitive data.

Firewalls

A firewall is a device that blocks or reflects attacks from outsiders. There are 2 kinds of firewalls, hardware and software.

Hardware Firewalls: A physical device that sits after your modem and before your router. However, most routers have a simple firewall in them.

Routers: Have software called Stateful Packet Inspection (SPI). It checks the data to make sure that it is supposed to enter your network.

UTM: Unified Threat Management. It's a device that protects all traffic, including email, inbound, outbound and VoIP. Overkill for most users.

NAT: Network address translation. This allows you to share a public IP address with multiple internal machines. This provides protection against outsiders attempting to access internal machines.

Software Firewall: Windows Firewall is enabled by default. When a program requests access to the outside world, a box should pop up requesting permission. Most antivirus programs come with a firewall as an option. They are bundled as an "internet security package".

(Mention: firewall segmentation, Red, Green, Blue, Orange)

Backing Up

321 backup method:
3 backup copies of anything you want to keep.
2 different storage media.
1 off-site storage site.

Off-site Backup: Carbonite automatically backs up your data to the cloud, encrypted as it leaves your system. While in the cloud it's encrypted with AES.

Backing up to external storage: Drobo allows you to back up data without being locked in by size. The storage can grow with your needs. The device protects data from hard drive failure. It also allows you to share your data across your network.

Hard drives fail and data is lost. This program will allow you to recover the data provided that the hard drive can be detected by the BIOS. Http://

Sandboxing & Virtual Environments

Sandboxing: A method of separating running applications. This method is used to run untrusted programs or code. There is an application for Windows that will perform this action. You can choose which programs are sandboxed.
Sandboxie:

Virtual Environments: You are able to run a whole version of an operating system inside your current one. The software emulates physical hardware. When you install the operating system into the guest environment, the operating system believes it's on a physical machine. This is even safer than the sandbox option. The downside is that you have to have more physical hardware to run the virtual environment (Guest OS).
VMware:
VirtualBox:

Mobile Security

Everyone today has a smartphone or portable device. Often we overlook the security of these devices. More and more, we empty our lives into these gadgets. Now we need to secure those devices against loss or theft. On the Apple side you'll need to purchase a service called MobileMe. This will track your Apple device. On the Android side we use Lookout.
Apple:
Android:

Enable a password or pattern lockout for your mobile device. Set the device to lock quickly if left unattended. Also, make sure that you enable syncing of your device to protect against data loss or theft. When you decide to change your device for a better model, make sure that you wipe the data from the old device. In recent years there has been an escalation in malware and botnet activity.

Data Protection

Oftentimes we have to take our devices with us, and they are loaded with sensitive information. This becomes even more of a problem when confronted by the TSA or ICE. You can refuse to provide them with your password or even refuse to let them search your devices. However, this will cause you significant delays. They can hold your device for days. To avoid all of these headaches, move your data to the cloud with encryption. You can use Dropbox or Carbonite to do this. You can access your data remotely.

Also, you can always encrypt your drive. Using TrueCrypt OS encryption you can encrypt the entire operating system. The system will ask for a password before the operating system even loads. This prevents others from using a boot disk to get to your data or the operating system.
Dropbox:

Hacking Windows

If, like most of you, you are running Windows 7, then you most likely have a password to log into your desktop. If not, then it's a good idea to set one. Even with a password on your desktop, there are still methods of getting into your desktop. That is why I recommend using either TrueCrypt or a BIOS password.

I use a boot disk like Ophcrack to brute force the password. This program will try to guess the password. The longer your password is, the longer and harder it is for Ophcrack to guess it correctly.

There is another boot disk called “Kon-Boot”. This application allows me to boot up and go right into your desktop without being asked for the password. I still don't know what the password is, though.

Enable a password in your BIOS so that it asks for a password before entering your system or making changes to the BIOS itself. Now, there are ways to defeat this. There is a small black peg (JUMPER) on your motherboard that can “CLEAR” the password. The only way around this is to place a physical lock on the computer case. On older systems you can just remove the CMOS battery for 20 minutes. Some cases do have what is called an “Intrusion Alarm”. The very next time you start up your system, you should see a warning that your case was opened and your BIOS screen didn't ask for the password.

Another thing you'd want to do is disable other “Boot Devices”. Turn them off if you aren't using them. This will not allow CD-ROM, USB or network booting to occur.

Memory Freezing

There is a way to take your memory (RAM) and freeze it. This requires physical access to your machine or laptop. The attacker will freeze the RAM with a liquid spray and remove the memory sticks from the system. Next they will place the memory into another system. There they will dump the memory for analysis. The actual freezing and removing of the RAM must be done very quickly, since the memory will start to lose its data almost immediately.

Kon-Boot:
OphCrack:

Additional Resources:
Pass The Hash:
How I crack your Windows Password:

BackTrack:
Penetration Test:
Metasploit:
Armitage:

After you leave here you'll have a basic understanding of how to protect yourself and what to look for. Well, at least that is my hope anyway.

Q & A

Question and answer segment.

Computer Security  

RDC CompOPS Security Presentation